Hello,
Recently, I downloaded camunda-webapp-tomcat-standalone-7.15.0.war and deployed it into a tomcat installation. When browsing to http://server:8080/camunda, I am redirected to
http://server:8080/camunda/app/admin/default/setup/#/setup
where I am prompted to create the initial admin user. At my work, we do not want to use LDAP yet.
The question is: how can I configure the war file to include an administrator user with a password (similar to adding database connection information in WEB-INF/applicationContext.xml)?
We need to have a fully automated (via ansible) mechanism to provision Camunda onto the existing tomcat installation. This is why we have this requirement.
What is the best practice for bootstrapping an internal database-based admin user into Camunda??
Hello @bland999,
The admin user information is stored in your database, and once you initialize the user via the setup screen, you will not have to do so again for any engine connecting to your database.
Are you able to complete the setup process for the database via the UI?
Otherwise you could input the admin user manually via SQL statements in the database.
Best,
Emma
Thank you very much for your reply. The use case we have at work is to automate the installation process completely, in order to deploy Camunda to multiple environments having standalone Tomcat servers.
If you can kindly point me to documentation that explains the SQL statements to run, that would be great. If you can supply the statements here, that is even better and I am sure would help others.
Thank you in advance for your time and efforts.
Hello again @bland999,
I actually think this is the documentation you’ll want to use rather than an SQL query – Authorization Service | docs.camunda.org
This should allow you to specify an admin user and group.
Then you can utilize the REST API to create the users. Create user | docs.camunda.org
Would that be a viable solution for you?
This is definitely a viable solution, and I actually did read that documentation previously. There is only one puzzling detail that I don’t understand: even if I enable the AdministratorAuthorizationPlugin, it is designed to grant administrator privileges to a user, i.e. the “admin” user as in the example in the link.
The missing piece is what is the password of that user? Even though the user has admin access, where does one specify the user’s password?
You can use the Create User endpoint to create the admin user with the desired password:
https://docs.camunda.org/manual/latest/reference/rest/user/post-create/
Well, after several days of puzzling over this, I have it working. The URL’s supplied in this thread are not correct (but I sincerely appreciate you trying to help… though it cost some long evenings). The proper URL for Camunda 7.15 is /camunda/api/admin/setup/default/user/create. The /api/admin/setup resources are for one-time, bootstrap purposes only, exactly what I needed.
For anyone in the future looking for an ansible solution, the following is it, and if you know ansible, it is easy to follow.
- name: Ensure there is a Camunda workspace
file:
path: /root/workspace/camunda
state: directory
owner: root
group: root
mode: '0755'
when:
- ansible_host == camunda_server_bootstrap_server
- name: Upload the administrative user data file
template:
src: camunda_admin_user.json.j2
dest: /root/workspace/camunda/camunda_admin_user.json
owner: root
group: root
mode: '0600'
when:
- ansible_host == camunda_server_bootstrap_server
- name: Contact Camunda to get a session and XSRF token
uri:
url: http://{{camunda_server_bootstrap_server}}:{{tomcat_server_connector_port}}/camunda/
method: GET
when:
- ansible_host == camunda_server_bootstrap_server
register: output_camunda_get
- debug: var=output_camunda_get
when:
- ansible_host == camunda_server_bootstrap_server
# This can only succeed ONCE. Running it twice or more will give the error "Setup action not available".
# https://jar-download.com/artifacts/org.camunda.bpm.webapp/camunda-webapp/7.7.0-alpha1/source-code/org/camunda/bpm/admin/impl/web/SetupResource.java
- name: Create the administrative user
uri:
url: http://{{camunda_server_bootstrap_server}}:{{tomcat_server_connector_port}}/camunda/api/admin/setup/default/user/create
method: POST
headers:
Cookie: "{{output_camunda_get.cookies_string}}"
Content-Type: application/json
X-XSRF-TOKEN: "{{output_camunda_get.cookies['XSRF-TOKEN']}}"
remote_src: true
src: /root/workspace/camunda/camunda_admin_user.json
status_code: [200, 204]
when:
- ansible_host == camunda_server_bootstrap_server
register: output_camunda_post
- debug: var=output_camunda_post
when:
- ansible_host == camunda_server_bootstrap_server
The template json file is as follows:
{"profile": {"id": "{{camunda_server_admin_user_id}}","firstName":"Joe","lastName":"Administrator", "email":"noreply@example.com"}, "credentials": {"password":"{{camunda_server_admin_user_password}}"} }
1 Like